REMARKS

I. General 

Claims 1-24 were pending in the present application, and all of such pending claims 
were rejected in the present Office Action (mailed September 8, 2004). The outstanding 
issues in the current Office Action are: 

Claims 1-24 are rejected under 35 U.S.C. § 112, second paragraph as being
indefinite;

Claims 1 and 3 are rejected under 35 U.S.C. § 102(e) as being anticipated by
U.S. Patent No. 6,115,719 issued to Purdy et al. (hereinafter "Purdy");

Claims 10, 12, 15, and 19 are rejected under 35 U.S.C. § 102(e) as being 
anticipated by U.S. Patent No. 6,687,733 issued to Manukyan (hereinafter "Manukyan");

Claims 20 and 24 are rejected under 35 U.S.C. § 102(e) as being anticipated 
by U.S. Patent No. 6,449,643 issued to Hyndman et al. (hereinafter "Hyndman");

Claims 2 and 7-9 are rejected under 35 U.S.C. § 103(a) as being unpatentable 
over Purdy in view of Hyndman; 

Claim 4 is rejected under 35 U.S.C. § 103(a) as being unpatentable over Purdy 
in view of U.S. Patent No. 5,930,154 issued to Thalhammer-Reyero (hereinafter
"Thalhammer-Reyero");

Claims 5 and 6 are rejected under 35 U.S.C. § 103(a) as being unpatentable 
over Purdy in view of Manukyan; 

Claims 11 and 14 are rejected under 35 U.S.C. § 103(a) as being unpatentable
over Manukyan in view of U.S. Patent No. 6,009,274 issued to Fletcher et al. (hereinafter
"Fletcher");

Claim 13 is rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Manukyan in view of Thalhammer-Reyero;

Claims 16-18 are rejected under 35 U.S.C. § 103(a) as being unpatentable over
Manukyan in view of Hyndman; 

Claim 21 is rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Hyndman in view of Thalhammer-Reyero; and

Claims 22-23 are rejected under 35 U.S.C. § 103(a) as being unpatentable over
Hyndman in view of Manukyan.

In response, Applicant respectfully traverses the outstanding claim rejections, and 
requests reconsideration and withdrawal thereof in light of the amendments and remarks 
presented herein. 

II. Amendments 

Claims 1 and 10 are amended and new claim 25 is added. No new matter is added by 
these amendments and newly added claim. 

Claim 1 is amended to recite "implementing at least one compartment for containing 
containment of at least one process executable on said processor-based system" (deleted 
language shown in strikethrough and added language shown underlined). Thus, this clarifies 
that the compartment is implemented for containment of at least one process. Claim 1 is 
further amended herein to clarify that the recited "providing" is "by said processor-based 
system". Support for these amendments to claim 1 can be found, inter alia, at page 11, lines 
1-24. 

Claim 10 is amended to delete the element "at least one processor", which is intended 
as a broadening, rather than a narrowing, amendment. 

New claim 25 is added, which depends from claim 1 and recites that the 
implementing at least one compartment comprises "utilizing a kernel for enforcing said at 
least one compartment". Support for this new claim can be found, inter alia, at page 7, lines
12-18, and the discussion of FIGURES 4 and 5 of the present application.

III. Rejections under 35 U.S.C. § 112, second paragraph

Claims 1-24 are rejected under 35 U.S.C. § 112, second paragraph as being indefinite
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

Claim 1 

The Office Action asserts that the language "providing at least one operating system 
command-line utility executable to manipulate" is indefinite because it is not made clear who 
or what is providing the command-line utility. Claim 1 is amended herein to clarify that this 
"providing" is "by said processor-based system". Thus, this element of claim 1 is believed to 
be sufficiently definite under 35 U.S.C. § 112, second paragraph.

The Office Action further asserts that "containing" in claim 1 is indefinite because it
is not made clear if this term applies to containment or not. Claim 1 is amended herein to 
delete the term "containing" and instead recite "implementing at least one compartment for 
containment of at least one process executable on said processor-based system", which 
Applicant respectfully submits clarifies claim 1 in this regard. Accordingly, this element of 
claim 1 is believed to be sufficiently definite under 35 U.S.C. § 112, second paragraph,
particularly in view of the specification's discussion of the containment security mechanism, 
see e.g., page 11, lines 1-24 of the present application. 

The Office Action further asserts that the term "compartment" in claim 1 is indefinite
because it is not made clear in the claim language whether this is a hardware compartment or 
a software compartment. Applicant respectfully submits that further clarification of this term 
is not required for claim 1 to comply with the requirements of 35 U.S.C. § 112, second
paragraph. First, the present application explains at page 11, lines 1-17: 

As described above, containment is an effective security mechanism to 
implement within a system. As described in greater detail hereafter, 
containment functionality may be implemented within a system by utilizing 
compartments within the system. In general, compartments refer to groups of 
processes or threads which are limited to accessing certain subsets of system 
resources of a computer system. Thus, compartments are semi-isolated 
portions of a system. For example, an operating system for supporting a 
plurality of processes (e.g., applications) may be implemented on a system,
wherein at least some of the processes are provided with a label or tag, each
label or tag being indicative of a logically protected computing environment or 
"compartment." Each process having the same label or tag may belong to the 
same compartment. In certain implementations, containment functionality can 
be provided by mandatory protection of processes, files and network 
resources, with the principal concept being based on the compartment. 
Services and processes (e.g., applications) on the system may be run within 
separate compartments. Processes within each compartment may only have 
direct access to the resources in that compartment. Access to other resources, 
whether local or remote, may be allowed only via well-controlled 
communication interfaces. Exemplary implementations of compartments 
within a system are described in further detail hereafter. 

Thus, Applicant submits that the term "compartment" as used in claim 1 is 
sufficiently clear in accordance with 35 U.S.C. § 112, second paragraph, particularly in view
of the specification of the present application. Further, any remaining question regarding 
whether the recited compartment is a hardware compartment or a software compartment goes 
to breadth of this term. Applicant reminds the Examiner that breadth is not indefiniteness, 
see M.P.E.P. § 2173.04. 

In view of the above, Applicant respectfully requests withdrawal of the outstanding
rejections of claim 1 under 35 U.S.C. § 112, second paragraph.

Claim 10 

As with claim 1, the Office Action asserts that the term "compartment" of claim 10 is 
indefinite. The Office Action asserts that "it is not made explicitly clear in the claim 
language whether this is a hardware compartment or a software compartment". Page 2 of the 
Office Action. However, claim 10 recites "an operating system implementing at least one
compartment to which at least one process executable on said system can be associated" 
(emphasis added). Applicant respectfully submits that claim 10 clearly recites that an 
operating system implements the "compartment", and thus the compartment is sufficiently 
clear under 35 U.S.C. § 112, second paragraph.

The Office Action further asserts that "at least one configuration file defining at least 
one compartment" of claim 10 is indefinite. The Office Action asserts that this language is 
indefinite "because it is not made explicitly clear in the claim language where this is from." 
Page 3 of the Office Action. The Office Action goes on to explain that "it is unclear if it is 
located in the compartment or outside the compartment". Id. Applicant respectfully submits
that this language is sufficiently clear in that it recites that the claimed "system" comprises 
the recited "at least one configuration file". Clarifying specifically where the configuration 
file is located within the system (e.g., whether it is located in the compartment or outside the 
compartment) is unnecessary for definiteness under 35 U.S.C. § 112, second paragraph.
Rather, any question regarding whether the configuration file is located in the compartment 
or outside the compartment goes to breadth of the claim (e.g., this language of the claim 
encompasses either case). Applicant again reminds the Examiner that breadth is not 
indefiniteness, see M.P.E.P. § 2173.04.

The Office Action further asserts that "it is not made explicitly clear whether there is
one configuration for one compartment, or if a configuration file can be defined for multiple
compartments". Page 3 of the Office Action. Applicant respectfully submits that the
language clearly recites "at least one configuration file defining at least one compartment". 
Thus, this language encompasses any situation in which at least one configuration file defines 
at least one compartment. For instance, it encompasses situations in which multiple 
configuration files are provided (which may each define at least one compartment). Thus, in 
some instances multiple configuration files may define a given compartment. Further, this 
language encompasses situations in which a configuration file defines multiple compartments 
(as the language recites "at least one compartment"). While this language encompasses many 
different situations, the breadth of this language does not render it indefinite, see M.P.E.P. § 
2173.04. 

The Office Action further asserts that the language "means for performing 
management" is indefinite. The Office Action asserts that this language is indefinite
"because it is not made explicitly clear in the claim language who or what is performing the
management". Page 3 of the Office Action. This language is recited in means-plus-function
format, which is permitted under 35 U.S.C. § 112. Applicant respectfully reminds the
Examiner that the sixth paragraph of 35 U.S.C. § 112 expressly provides that an "element in a
claim for a combination may be expressed as a means or step for performing a specified 
function without the recital of structure, material, or acts in support thereof, and such claim 
shall be construed to cover the corresponding structure, material, or acts described in the 
specification and equivalents thereof." Applicant respectfully submits that no further
language is needed for this element to be proper under 35 U.S.C. § 112, second paragraph.

Also, claim 10 is rejected as being incomplete for omitting essential structural 
cooperative relationships of elements. "The omitted structural cooperative relationships are: 
a) 'at least one processor' to 'at least one compartment' and b) 'at least one processor' to 
'management'." Pages 3-4 of the Office Action. Claim 10 is amended herein to delete the 
language "at least one processor", which thus renders the above issue moot. 

In view of the above, Applicant respectfully requests withdrawal of the outstanding
rejections of claim 10 under 35 U.S.C. § 112, second paragraph.

Claim 20 

As with claim 1, the Office Action asserts that the term "compartment" of claim 20 is
indefinite. The Office Action asserts that "it is not made explicitly clear in the claim 
language whether this is a hardware compartment or a software compartment". Page 2 of the 
Office Action. However, claim 20 recites "at least one compartment implemented by an 
operating system" (emphasis added). Applicant respectfully submits that claim 20 clearly
recites that an operating system implements the "compartment", and thus the compartment is
sufficiently clear under 35 U.S.C. § 112, second paragraph.

The Office Action further asserts that "managing at least one compartment" in claim 
20 is indefinite because "it is not made explicitly clear who or what is doing the managing".
Page 3 of the Office Action. Claim 20 recites "library of software functions for managing at 
least one compartment implemented by an operating system". Who or what may use the 
library of software functions for performing the managing is irrelevant to the claim. Claim 
20 is sufficiently definite under 35 U.S.C. § 112, second paragraph, in that it recites a library
of software functions for managing at least one compartment implemented by an operating 
system. That is, because it is the library of software functions that is being claimed, the entity 
(e.g., process or user) that may use such library of software functions does not need to be 
specified in order for the library of software functions to be clearly defined by the claim. 

The Office Action further asserts that the terms "at least one process can be associated 
with said at least one compartment and said at least one compartment defines accessibility of 
resources for said at least one process" and "at least one command-line utility executable to
manipulate said at least one compartment" are indefinite. First, the Office Action asserts that 
these terms are indefinite "because it is not made explicitly clear in the claim language 
whether there is one process associated with one compartment (or more)". Page 3 of the 
Office Action. Applicant respectfully submits that the language clearly recites "at least one 
process can be associated with said at least one compartment". Thus, this language 
encompasses any situation in which at least one process is associated with at least one 
compartment. While this language encompasses many different situations (e.g., multiple 
processes associated with one compartment, a process associated with multiple 
compartments, etc.), the breadth of this language does not render it indefinite, see M.P.E.P. § 
2173.04. 

Further, the Office Action asserts that the above terms of claim 20 are indefinite 
because "it is not made explicitly clear who is doing the manipulating of the compartment". 
Page 3 of the Office Action. Claim 20 recites "said library of software functions includes at
least one command-line utility executable to manipulate said at least one compartment". 
Who or what may use the library of software functions (e.g., command-line utility) for 
performing the manipulating is irrelevant to the claim. Claim 20 is sufficiently definite under 
35 U.S.C. § 112, second paragraph, in that it recites a library of software functions that
includes at least one command-line utility executable to manipulate the at least one 
compartment. That is, because it is the library of software functions that is being claimed, the 
entity (e.g., process or user) that may use the command-line utility does not need to be 
specified in order for the library of software functions to be clearly defined by the claim. 

In view of the above, Applicant respectfully requests withdrawal of the outstanding
rejections of claim 20 under 35 U.S.C. § 112, second paragraph.

IV. Rejections under 35 U.S.C. § 102(e) 

Claims 1 and 3 are rejected under 35 U.S.C. § 102(e) as being anticipated by Purdy. 
Claims 10, 12, 15, and 19 are rejected under 35 U.S.C. § 102(e) as being anticipated by 
Manukyan. Claims 20 and 24 are rejected under 35 U.S.C. § 102(e) as being anticipated by 
Hyndman. Each of these rejections is addressed below.

Independent Claim 1

Claim 1 recites "providing, by said processor-based system, at least one operating 
system command-line utility executable to manipulate said at least one compartment." Purdy 
does not teach an operating system command-line utility executable to manipulate a 
compartment, as recited by claim 1. In rejecting claim 1, the present Office Action asserts (at 
page 4 thereof) that "Purdy teaches manipulating the compartment and it is inherent that there 
is an operating system command-line utility (computer instructions or scripts) for the 
manipulating because without them, the manipulating could not occur." Applicant 
respectfully disagrees. In order to properly establish that an element is inherently included 
within the applied reference, "the Examiner must provide a basis in fact and/or technical 
reasoning to reasonably support the determination that the allegedly inherent characteristic 
necessarily flows from the teachings of the applied prior art," M.P.E.P. § 2112, citing Ex
parte Levy, 17 U.S.P.Q.2d 1461, 1464 (Bd. Pat. App. & Inter. 1990) (emphasis original). 

It is not necessary that an operating system command-line utility be provided for
manipulating a compartment. For instance, as described in connection with Fig. 9 of the 
present application, a system administrator was traditionally required to edit a configuration 
file in which compartments are defined in order to manipulate the compartments. Thus, the 
user edited a configuration file, rather than utilizing an operating system command-line 
utility, for manipulating compartments. In the system of Purdy, it does not necessarily flow
that an operating system command-line utility is provided, but rather a user may edit a file or
interact with a database, as examples, for manipulating the "compartments" of Purdy.

Accordingly, Purdy fails to teach all elements of claim 1, and thus claim 1 is not 
anticipated by Purdy under 35 U.S.C. § 102.

Independent Claim 10 

In accordance with 37 C.F.R. § 1.131, Applicant submits an affidavit herewith that 
establishes invention of the subject matter of claim 10 prior to the effective date of Manukyan 
(i.e., prior to June 1, 2001). Accordingly, withdrawal of this rejection of claim 10 is 
respectfully requested.

Independent Claim 20

To anticipate a claim under 35 U.S.C. § 102, a single reference must teach every 
element of the claim, see M.P.E.P. § 2131. As discussed further below, Applicant
respectfully submits that Hyndman fails to teach each and every element of independent 
claim 20. 

Independent claim 20 recites: 

library of software functions for managing at least one compartment 
implemented by an operating system, wherein at least one process can be 
associated with said at least one compartment and said at least one 
compartment defines accessibility of resources for said at least one process 
associated therewith; and 

said library of software functions includes at least one command-line 
utility executable to manipulate said at least one compartment. 

Hyndman does not teach a library of software functions for managing "at least one 
compartment implemented by an operating system". Page 6 of the present Office Action 
appears to contend that either the building blocks (BB) or "components" of Hyndman are a 
compartment implemented by an operating system. Hyndman teaches that: 

A component or an object is an encapsulated part of a software system 
with a well defined interface. Components serve as the building blocks of a 
systems, or the elements of a software part list, and can be either generic or 
application specific. Generic components serve as a system skeleton, enabling 
code reuse and faster development of new capabilities. (Col. 1, lines 34-40).

Hyndman fails to teach that such a component is implemented by an operating system 
to define accessibility of resources for at least one process associated therewith. 

Further, Hyndman does not teach at least one command-line utility executable to 
manipulate the at least one compartment. Hyndman teaches "an access control user interface 
connected to the access control library for viewing and editing the access control data on the 
GUI" (col. 3, lines 13-15). While Hyndman teaches such a user interface to a database, it 
fails to teach a command-line utility executable to manipulate the at least one compartment, 
as recited by claim 20. Again, Hyndman does not teach a compartment implemented by an 
operating system. Thus, Hyndman does not provide a command-line utility for interfacing to 
the system's operating system in order to manipulate a compartment implemented by such
operating system. 

In view of the above, claim 20 is not anticipated by Hyndman because Hyndman fails 
to teach all elements of claim 20. 

Dependent Claims 

Claims 12, 15, 19, and 24 each depend either directly or indirectly from one of 
independent claims 10 and 20, and thus inherit all limitations of the respective independent 
claim from which they depend. It is respectfully submitted that dependent claims 12, 15, 19, 
and 24 are allowable not only because of their dependency from their respective independent 
claims for the reasons discussed above, but also in view of their novel claim features (which 
both narrow the scope of the particular claims and compel a broader interpretation of the 
respective base claim from which they depend). 

V. Rejections under 35 U.S.C. § 103(a) 

Claims 2 and 7-9 are rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Purdy in view of Hyndman. Claim 4 is rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Purdy in view of Thalhammer-Reyero. Claims 5 and 6 are rejected under 
35 U.S.C. § 103(a) as being unpatentable over Purdy in view of Manukyan. Claims 11 and
14 are rejected under 35 U.S.C. § 103(a) as being unpatentable over Manukyan in view of 
Fletcher. Claim 13 is rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Manukyan in view of Thalhammer-Reyero. Claims 16-18 are rejected under 35 U.S.C. § 
103(a) as being unpatentable over Manukyan in view of Hyndman. Claim 21 is rejected 
under 35 U.S.C. § 103(a) as being unpatentable over Hyndman in view of
Thalhammer-Reyero, and claims 22-23 are rejected under 35 U.S.C. § 103(a) as being
unpatentable over Hyndman in view of Manukyan. Applicant addresses these rejections below.

Claims 2-9, 11-14, 16-18, and 21-23 each depend either directly or indirectly from 
one of independent claims 1, 10, and 20, and thus inherit all limitations of the respective
independent claim from which they depend. It is respectfully submitted that dependent
claims 2-9, 11-14, 16-18, and 21-23 are allowable not only because of their dependency from
their respective independent claims for the reasons discussed above, but also in view of their
novel claim features (which both narrow the scope of the particular claims and compel a
broader interpretation of the respective base claim from which they depend). 

VI. New Claim 25 

New claim 25 depends from independent claim 1 and is believed to be allowable not 
only because of its dependency from independent claim 1 for the reasons discussed above, 
but also in view of its further novel claim features (which both narrows its specific scope and
compels a broader interpretation of independent claim 1 from which it depends). 



VII. Conclusion 

In view of the above, each of the presently pending claims in this application is
believed to be in immediate condition for allowance. Accordingly, the Examiner is
respectfully requested to pass this application to issue.

Applicant believes no fee is due with this response. However, if a fee is due, please 
charge our Deposit Account No. 08-2025, under Order No. 10013499-1 from which the 
undersigned is authorized to draw. 